Q

Child domain controller lacks administrative rights

We have two domains with a parent-child relationship. All client desktops are connected to the parent domain. I have an application that will be installed from the child domain to the desktop clients. The problem I am facing now is the child domain controller does not have administrator rights to the client computers. I checked from the child domain controller by giving computer1c$ when it was asking for username and password, whereas when doing the same thing from the parent I can list the contents. Our environment is with Windows 2000 Server and Win2000 Professional as clients. The client application has to be installed on a domain controller, and we want to separate it from the main domain controller.

The child domain accounts do not inherently have permissions in the parent domain. However, if the application that you are using needs to have administrative rights, you can put the application's service account name in the local administrators group on the workstations. If you have multiple accounts that need to be local administrators from multiple domains, you can also utilize the UNIVERSAL groups. UNIVERSAL groups can contain members from both domains and have a scope of the entire forest. You can then put the UNIV group into the local administrators group on every workstation. In the future, if you need to give techies or other service accounts access, you can just add them into the UNIV group.

Paul Hinsberg
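
The following added example, which is not part of the original answer, audits the local Administrators group on each listed workstation through the ADSI WinNT provider and, when run with `-Apply`, adds the universal group where it is missing. The domain name `CHILD`, the group name `Univ-WorkstationAdmins` and the `workstations.txt` list are placeholders, and it assumes a management host that has PowerShell and an account that already administers the workstations.

```powershell
# Added example; CHILD, Univ-WorkstationAdmins and workstations.txt are placeholders.
param(
    [string]$GroupDomain = 'CHILD',                   # NetBIOS name of the group's domain (assumed)
    [string]$GroupName   = 'Univ-WorkstationAdmins',  # universal group to grant (assumed)
    [string]$ListPath    = '.\workstations.txt',      # one computer name per line
    [switch]$Apply                                    # without -Apply the script only reports
)

# WinNT ADsPath under which a domain group shows up as a member of a local group.
$wanted    = "WinNT://$GroupDomain/$GroupName"
$computers = Get-Content -Path $ListPath | ForEach-Object { $_.Trim() } | Where-Object { $_ }

foreach ($computer in $computers) {
    $status  = 'Present'
    $members = @()
    try {
        $admins = [ADSI]"WinNT://$computer/Administrators,group"

        # List every current member so the report shows who already holds admin rights.
        $members = @($admins.psbase.Invoke('Members') | ForEach-Object {
            $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
        })

        # -notcontains compares case-insensitively, which matches WinNT path semantics.
        if ($members -notcontains $wanted) {
            if ($Apply) {
                $admins.psbase.Invoke('Add', "$wanted,group")
                $status = 'Added'
            } else {
                $status = 'Missing'
            }
        }
    } catch {
        # Unreachable host, access denied, or the group could not be resolved.
        $status = "Error: $($_.Exception.Message)"
    }

    # One record per workstation; pipe to Export-Csv to keep it as a change record.
    [pscustomobject]@{
        Computer = $computer
        Status   = $status
        Members  = $members -join '; '
    }
}
```

Running it first without `-Apply` gives a baseline of who is already a local administrator on each workstation before the group is added.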


This was first published in November 2004